Commit 84751b98c1 ('WPS: Allow wildcard
UUID PIN to be used twice') relaxed the constraints on how many time a
wildcard PIN can be used to allow two attempts. However, it did this in
a way that could result in concurrent attempts resulting in the wildcard
PIN being invalidated even without the second attempt actually going as
far as trying to use the PIN and a WPS protocol run.
wildcard_uuid is a flag/counter set for wildcard PINs and it is
incremented whenever the PIN is retrieved by wps_registrar_get_pin().
Eventually it causes the wildcard PIN to be released, effectively
limiting the number of registration attempts with a wildcard PIN.
With the previous implementation, when the PIN is in use and locked
(PIN_LOCKED), it is not returned from wps_registrar_get_pin() but
wildcard_uuid is still incremented which can cause the PIN to be
released earlier and stations will have fewer registration attempts with
it. Fix this scenario by only incrementing wildcard_uuid if the PIN is
actually going to be returned and used.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add 802.11ax channel property flags for use with external ACS (QCA
vendor command). Use the remaining available bits in
qca_wlan_vendor_channel_prop_flags for the first few 11ax flags. Then
add qca_wlan_vendor_channel_prop_flags_2 as a continuation of
qca_wlan_vendor_channel_prop_flags and add the remaining 11ax flags
there. Note that qca_wlan_vendor_channel_prop_flags_ext is not used
since it is currently not intended for holding such information. Rather
it is meant for holding additional control information related to
features such as DFS, CSA, etc.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
ieee802_1x_kay_decode_mkpdu() calls ieee802_1x_mka_i_in_peerlist()
before body_len has been checked on all segments.
ieee802_1x_kay_decode_mkpdu() and ieee802_1x_mka_i_in_peerlist() might
continue and thus underflow left_len even if it finds left_len to small
(or before checking).
Additionally, ieee802_1x_mka_dump_peer_body() might perform out of bound
reads in this case.
Fix this by checking left_len and aborting if too small early.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
In fils_hlp_finish_assoc() the station is already added to the
driver so it is not needed to check the 'added_unassociated'
flag.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The FILS features on STA needs to be disabled for testing purposes to
verify the APUT behavior with non-FILS STAs. Add a QCA vendor attribute
for doing so.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update these comments based on IEEE Std 802.11-2016 to get rid of the
already resolved TODO comment regarding duplicated N_KEY use. The
implementation does not need any changes since it was already following
the fixed version in the current standard.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There was a race condition on the sequence where iface.AbortScan() is
immediately followed by iface.Scan(). If the driver event
(NL80211_CMD_SCAN_ABORTED) arrived after the following new scan request,
the D-Bus operation failed. This is not what this test case is trying to
check, so wait for an indication of the previous scan having terminated
properly before issuing the next scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add checking for NULL req_ies when FILS processing a driver ASSOC event
in hostapd_notif_assoc(). This was already done in number of old code
paths, but the newer FILS path did not handle this. Though, it is
unlikely that this code path would be reachable in practice since this
is all within sta->auth_alg == WLAN_AUTH_FILS_* check.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Reject a DHE handshake if the server uses a DH prime that does not have
sufficient length to meet the Suite B 192-bit level requirement (<= 3k
(3072) bits).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Reject a peer certificate chain if it includes an RSA public key that
does not use sufficient key length to meet the Suite B 192-bit level
requirement (<= 3k (3072) bits).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds phase1 parameter tls_suiteb=1 into wpa_supplicant
configuration to allow TLS library (only OpenSSL supported for now) to
use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new psk=<hexdump> can be used as an alternative to pass=<passphrase>
when configuring the DPP Configurator with a legacy network parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These control interface event messages can be used to allow hostapd AP
to be configured for legacy WPA2-Personal configuration with DPP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While the Suite B AKM is not really going to be used with CCMP-128 or
GCMP-128 cipher, this corner case could be fixed if it is useful for
some testing purposes. Allow that special case to skip the HMAC-SHA1
check based on CCMP/GCMP cipher and use the following AKM-defined check
instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss
here means there would not be proper PFS for the case where PMKSA
caching is used with FILS SK+PFS authentication. This was not really the
intent of the FILS design and that issue was fixed during REVmd work
with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that add DHss into FILS-Key-Data (and PTK, in practice) derivation for
the PMKSA caching case so that a unique ICK, KEK, and TK are derived
even when using the same PMK.
Note: This is not backwards compatible, i.e., this breaks PMKSA caching
with FILS SK+PFS if only STA or AP side implementation is updated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
IEEE Std 802.11ai-2016 had missed a change in the Pairwise key hierarchy
clause (12.7.1.3 in IEEE Std 802.11-2016) and due to that, the previous
implementation ended up using HMAC-SHA-1 -based PMKID derivation. This
was not really the intent of the FILS design and that issue was fixed
during REVmd work with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that change FILS cases to use HMAC-SHA-256 and HMAC-SHA-384 based on the
negotiated AKM.
Update the implementation to match the new design. This changes the
rsn_pmkid() function to take in the more generic AKMP identifier instead
of a boolean identifying whether SHA256 is used.
Note: This is not backwards compatible, i.e., this breaks PMKSA caching
based on the initial ERP key hierarchy setup if only STA or AP side
implementation is updated. PMKSA caching based on FILS authentication
exchange is not impacted by this, though.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the code that writes mesh_rssi_threshold to a network block
always executes, but the code that reads it from network block and the
code that initializes it to a default value in a new network block are
inside #ifdef CONFIG_MESH. As a result when writing a config file it
will write mesh_rssi_threshold (since it has a non-default value) and
later fail to read the network block.
Fix this by moving the write code under #ifdef CONFIG_MESH as well.
Note, network blocks which already have mesh_rssi_threshold because of
the bug will still fail to read after the fix.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
The introduction of radio works and a delayed callback to complete
association/connection requests ended up breaking RSN pre-authentication
candidate list generation for the case of pre-connection scan results.
Previously, wpa_supplicant_associate() set the RSN state machine
configuration before returning and the calls to
wpa_supplicant_rsn_preauth_scan_results() immediately after this
function call were working fine. However, with the radio work callback,
the RSN state machine configuration started to happen only in that
callback which would be called soon after this code path has completed.
This resulted in the RSN state machine not knowing the selected SSID and
as such, rejecting all pre-authentication candidates.
Fix this by setting the RSN state machine configuration from
wpa_supplicant_associate() so that the existing callers of
wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add
candidates for pre-authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
secy_init_macsec() can fail (if ->macsec_init fails), and
ieee802_1x_kay_init() should handle this and not let MKA run any
further, because nothing is going to work anyway.
On failure, ieee802_1x_kay_init() must deinit its kay, which will free
kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm)
must not do it. Before this patch there is a double-free of the ctx
argument when ieee802_1x_kay_deinit() was called.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
When building wpa_ie in wpas_start_assoc_cb() with ext_capab,
make sure that assignment does not exceed max_wpa_ie_len.
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
Removing interface from bridge in_br
linux_br_del_if(drv->global->ioctl_sock, in_br, ifname)
but in case of failure, the error print is incorrect:
it should show error for "in_br" instead of the wrong bridge name
"brname".
Signed-off-by: Rohit Pratap Singh <rohit.s@samsung.com>
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
The STA can get disconnected event before the AP processed the
deauthentication frame, resulting in GET_FAIL command being sent too
early. Fix this by waiting for AP-STA-DISCONNECTED on AP side, too.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Import vht_supported from test_ap_vht to fix the following issue:
rrm_beacon_req_table_vht run failed: global name 'vht_supported' is not defined
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
ubsan reported:
../src/crypto/random.c:69:30: runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int'
Explicitly check for the ROL32(x, 0) case which is supposed to be a
no-op.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
After KDF negotiation, must check only requested change occurred in the
list of AT_KDF attributes. If there are any other changes, the peer must
behave like the case that AT_MAC had been incorrect and authentication
is failed. These are defined in EAP-AKA' specification RFC 5448, Section
3.2.
Add a complete check of AT_KDF attributes and send Client-Error if a
change which is not requested is included in it.
Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sony.com>
AT_KDF attributes need to be included in Synchronization-Failure
according to EAP-AKA' specification RFC 5448.
Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sony.com>
pmksa_cache_add_entry() may actually free old_entry if the PMKSA cache
is full. This can result in the PMKSA cache containing entries with
corrupt expiration times.
Signed-off-by: Andrew Elble <aweits@rit.edu>